Lucene search
Veracode Vulnerability DatabaseVERACODE:39095HistoryFeb 03, 2023 - 6:24 a.m.
Command Injection
2023-02-0306:24:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
command injection
vulnerability
git
library
behavior
confusion
specially crafted command
host os
container image
0.002 Low
EPSS
Percentile
56.5%
github.com/rancher/wrangler is vulnerable to Command Injection attacks. An attacker is able to change the library’s behavior and cause confusion when a specially crafted command is executed through Git, because it uses the underlying Git binary present on the host OS or container image.
References
bugzilla.suse.com/show_bug.cgi?id=1200299
github.com/advisories/GHSA-qrg7-hfx7-95c5
github.com/rancher/wrangler/commit/12397eec50155cb2d24aa70bdf9e90c5f3b9a727
github.com/rancher/wrangler/commit/341018c8fef3e12867c7cb2649bd2cecac75f287
github.com/rancher/wrangler/commit/5a387e13e8d51e3340d9e5012a1951f0cca5fc90
github.com/rancher/wrangler/commit/8649ecc062204f28764fd80157a621cbae89c9cf
Related
osv
osv
CVE-2022-31249
2023-02-07 13:15:09
Command injection in Git package in Wrangler
2023-01-25 19:40:43
Command injection in github.com/rancher/wrangler
2023-02-14 19:34:35
cvelist
cvelist
CVE-2022-31249 [RANCHER] OS command injection in Rancher and Fleet
2023-02-07 00:00:00
nvd
nvd
CVE-2022-31249
2023-02-07 13:15:09
prion
prion
Command injection
2023-02-07 13:15:00
github
github
Command injection in Git package in Wrangler
2023-01-25 19:40:43
cve
cve
CVE-2022-31249
2023-02-07 13:15:09